Exam AWS-SysOps topic 1 question 69 discussion

They are not different answers, actually the answer can be combined for the policy. Which is A. It is not possible to define a policy at the object level B. It will throw an error for teh wrong action and does not allow the saw policy.

A is the answer This policy is wrong. You cannot have the permission S3:listbucket when resource are the files within the bucket.

Answer is A. It is not possible to define a policy at the object level, that policy shpuld be something like this: { "Version":"2012-10-17", "Statement":[ { "Effect":"Allow", "Action":["s3:ListBucket"], "Resource":"arn:aws:s3:::cloudacademy" }, { "Effect":"Allow", "Action":[ "s3:GetObject", "s3:GetObjectAcl", ], "Resource":"arn:aws:s3:::cloudacademy/*.jpg" } ] }

https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-overview.html#access-control-resources-manage-permissions-basics

https://www.examtopics.com/exams/amazon/aws-sysops/view/59/

A. It is not possible to define a policy at the object level

I'll go with A

Bucket and object permissions are independent of each other. An object does not inherit the permissions from its bucket. For example, if you create a bucket and grant write access to a user, you can't access that user’s objects unless the user explicitly grants you access. Bucket permissions generally allow a user to list information about a bucket and add and delete objects from a bucket. Object permissions generally allow a user to download, replace or delete objects. https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-permissions.html Ans C

The answer is A. You cant define object level policy.

Question 1 & 2 topic 2, they are exactly the same but why different answers?